Where are we most vulnerable online?

While assessing ways to stay safe from personal information security breeches online, it is critical to understand where we are most vulnerable. Picture your entire information security footprint as a chain, in that chain there are a number of links. The most likely place for you to be compromised is the weakest link in this chain. While we won’t address all of them, here is an example of what some of your links are:

Firewall Hardware

Wireless Access Point

Encryption method

Hardware Firmware

Strength of Password

Personal Computer

File and Disk Encryption

Strength of Password

Software Security Patch Status

Email Account

Provider Filtering

Strength of Password

Circulation of Address

Web Browser

Browser patching

Security Settings

Sandboxing

User

Cautious or careless?

Gullibility

Greed

In the interest of space, this is an abbreviated list, but it hits many of the high points and in particular the big three – User, Browser and Email. The purpose of this series is to address you as a user we touched on it in the first part of this article as well as this personal information security article from 2010. Let’s look at your Web Browser and Email account next.

Web Browsers Role in Personal Information Security

Your web browser is your eyes on the World Wide Web. Without a web browser the 3+ billion active users of the web could not access the 45 billion+ pages of content. In terms of information security, this places the browser at an extremely critical place. If there is one small loophole in the security of the web browser you use, a visit to a single website can lead to a complete compromise of your accounts or worse your identity. In fact in just the 10 seconds or so it took you to read this paragraph, 5 people have become victims of identity theft, 1 every 2 seconds!

It’s Still About You

If the browser is your eyes, you are the brain. Your actions are the real key here. You can do all the right things in terms of securing your web browser:

And in spite of all these precautions still experience a compromise of your information security. You have to commit to becoming a cautious Internet user. Some habits of a cautious Internet user include:

Implement and use a Sandbox (next in this article series)

Stick to only reputable websites.

Only install software from trusted sources.

Validate any unusual correspondence/requests via a phone call to the Company or Individual that sent them.

Never giving personal information unless you initiated the connection (e.g. log on to Amazon.com directly through your browser address bar).

Limit your online shopping to known companies, use Paypal for smaller/lesser known companies.

Not sure about something? Don’t use it.

With those precautions you will be much safer on the web.

Email Accounts Role in Personal Information Security

Email accounts can be accessed either through Web Mail or using an app on your smart phone or computer. The Email address is a public conduit to you from the outside world. Up to this point we’ve talked about things you directed, in the case of Email it is the reverse, what is coming at you specifically. Email has played a role in many hi profile compromises such as the hacking of the RSA, a security firm. The individuals were targeted because of where they worked and the implications were huge. You may not work for a security software company, but you are still a potential target of either direct or broadcast type attacks. The more personal the attack, the more difficult it may be to recognize and avoid it. The broadcast type attacks are usually easy to identify and are obvious to the average Internet user. Many attempts are specific to commonly used products such as ADP payroll, Facebook, even LinkedIn, or other Generic Phishing attempts.

Best Practices for Better Email Security

For starters you should use a strong password for your Email account. Every password you use should also be unique, you can use this tool to generate a strong password be sure to check the box for special characters and hit generate. Write this password down and store it in a safe place until you have memorized it. No-one will guess your password now.

Make sure the company you use for Email hosting has strong filtering in place. I recommend Rackspace (for business) and Google Gmail (for personal) Email, both are fairly good. There is no perfect solution, but using a company that does an above average job means you will see less dangerous stuff in your inbox.

Always access your Web Mail using a sandbox. You will learn more about this in article 3 of this series.

Maintain one or more junk accounts or aliases, those are either accounts that forward to your main one or aliases of the main account that can be easily deleted. This helps to keep your mail Email address in lower circulation. The more circulated your address becomes, the more likely you are to receive malicious or junk messages. Never give your core Email address out to non-essential entities such as blog sign ups, shopping, etc. unless you feel you are adept at dealing with those risks. It is also nice to have a backup Email account as well, for personal or business use.

Set the bar really high for what you allow yourself to click or open, particularly if you don’t have a way to sandbox it. This applies especially to attachments and links from unsolicited sources.

Use security software that protects your Email client (if you use an Email application such as Outlook) or Web browser (if you use Web Mail). Also understand the limits of your security software (read step 4 of this article).

Wrapping Up

These are just some suggestions, as you can probably see by this brief article, this is a complex topic. Don’t worry or become over-whelmed, the best part is yet to come, in part 3 of this series.

About Joe Hackman

In Joe's day job he helps manufacturers eliminate waste in their engineering, CNC programming and machining departments. He is currently 2018-2019 chair of the Sacramento Valley SME, an avid Maker and current Mechatronics student.

In Joe's day job he helps manufacturers eliminate waste in their engineering, CNC programming and machining departments. He is currently 2018-2019 chair of the Sacramento Valley SME, an avid Maker and current Mechatronics student.